REMARKS 

In view of the following remarks, Applicant respectfully requests 
reconsideration and allowance of the subject application. This amendment is 
believed to be fully responsive to all issues raised in the July 7, 2006 Office 
5 Action. 

Rejections to the Claims 
35 U.S.C. 103(a) 

Claims 1-4, 6, 10, 19, 21, and 22 are rejected under 35 U.S.C. 103(a) as 
10 being unpatentable over U.S. Patent Number 6,499,109 issued to 
Balasubramaniam et al. (herein referred to as "Bal") in view of U.S. Patent 
Number 6,253,323 issued to Cox et al. (herein referred to as "Cox"). 

Applicant's application describes techniques for limiting access to 
potentially dangerous code. A control object made up of executable code may 
15 be downloaded to a client device via a web page. Other web pages may then 
attempt to execute the control object that was previously downloaded. To 
ensure that the control object is not invoked maliciously, Applicant's application 
describes digitally signing a web page that invokes a control object before the 
web page is delivered to a client computer. Applicant's application also 
20 describes authenticating the source of a web page that attempts to invoke the 
contra! object, and then verifying that the identified source is authorized to 
invoke the control object. The authentication is performed based on the digital 
signature that is associated with a web page that attempts to invoke the control 



fee@hayes 



5 



0919051004 AF4934.DOC 



object. The authorization may be performed in any of a number of ways, 
including, but not limited to, comparing the source of the web page with a list of 
authorized sources. If either the authentication or the authorization fails, then 
the control object is not invoked. 
5 Specifically, claim 1 recites: 

A method, comprising: 

deriving a digital signature and associating the digital 
signature with a web page only if the web page includes code to 
invoke a control object; and 
10 delivering the web page to an electronic device capable of 

authenticating the digital signature such that the electronic device 
can execute at least a portion of the web page after the digital 
signature is authenticated. 

15 The combination of Bal and Cox does not teach or suggest, "deriving a 

digital signature and associating the digital signature with a web page only if the 
web page includes code to invoke a control object," as recited in claim 1 . 

Bal describes verifying the source of software downloaded from a remote 
20 site to a client computer over a computer network before the software can be 
executed on the client computer. (Bal, Abstract.) Specifically, Ba! describes a 
computer-executable program code that first determines the URL to which a 
browser running on the client computer is pointed and enables the downloaded 
software program only if the URL to which the browser is pointed is an 
25 authorized URL. (Bal, Summary.) 
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Cox describes multiple embodiments of an object-based digital signature 
that may allow digital signatures to approve or verify portions of documents, 
address issues associated with the temporal ordering of digital signatures, and 
allow information dispersed over a network of computing systems to be verified 
5 or approved. (Cox, column 6, lines 13-23.) Cox also describes an object based 
digital signature that allows digital signatures to approve or validate portions of 
documents. {Cox, column 6, lines 55-57.) 

Neither Bal nor Cox teach or suggest "deriving a digital signature and 
associating the digital signature with a web page only if the web page includes 
10 code to invoke a control object," as recited in claim 1. The Office cites Bal, 
column 2, line 43 - column 3, line 19 and column 6, lines 20-29 as teaching 
"associating an authentication code with a web page only if the web page 
includes code to invoke a control object." The Office also states that the cited 
portions of Bal teach checking "whether the web site is authorized web site 
1 5 when the software is invoked by the script." (Office Action, page 2.) 

Checking whether the web site is an authorized web site when the 
software is invoked by the script is not the same as authenticating a digital 
signature associated with a web page, as claimed. 

Furthermore, the Office states: 

20 Regarding applicant's remakes, applicant argues that the 

references do not disclose associating the digital signature with a 
web page only if the web page includes code to invoke a control 
object. However, examiner disagrees. Bal reference discloses 
that the first check takes place when the script is detected and 

25 running on client computer to invoke the software (Bal: column 6 
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lines 22-25). Therefore, applicant's argument is respectfully 
traversed because associating with a digital signature occurs 
when the script is detected and running on client computer. 
(Office Action, page 5.) 

5 

The Office is contending that the combination of Bal and Cox teaches 
associating a digital signature with a web page when the script is detected and 
running on the client computer. This interpretation is inconsistent with the 
language of claim 1. As stated above, claim 1 recites, "deriving a digital 

10 signature and associating the digital signature with a web page...; and 
delivering the web page to an electronic device capable of authenticating the 
digital signature... execute at least a portion of the web page after the digital 
signature is authenticated." The claim language clearly teaches that the digital 
signature is associated with the web page prior to the web page being delivered 

15 to the client computer. Accordingly, the Office's interpretation of Bal that, 
"associating with a digital signature occurs when the script is detected and 
running on client computer," does not teach the limitations of claim 1 . 

Accordingly, for at least these reasons, claim 1 is allowable over Bal in 
view of Cox. 

20 

Claims 2-4, 6, 10, 19, 21, and 22 are allowable by virtue of their direct or 
indirect dependence on claim 1 . Furthermore, one or more of claims 2-4, 6, 10, 
19,21, and 22 may also be allowable over Bal in view of Cox for other reasons. 
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For example, claim 3 recites, "in an event that the web page does not 
include code to invoke the control object, delivering the web page without a 
digital signature." Neither Bal nor Cox teach or suggest delivering a web page 
without a digital signature in an event that the web page does not include code 
5 in invoke a control object. Bal does not teach or suggest digitally signing any 
web pages; and Cox describes a way in which web pages can be digitally 
signed, but- does not suggest conditionally signing a web page based on 
whether or not the web page includes code to invoke a control object. 

With regard to claim 3, the Office cites Bal, column 7, lines 29-51. The 

10 Office contends that the cited portion of Bal teaches, "determine that a control 
object is present in the web page and then authenticate whether the web site is 
authorized." (Office Action, page 3.) The determining and authenticating 
described by the Office is performed by a client computer after receiving the 
web page, and is not the same as "in an event that the web page does not 

15 include code to invoke the control object, delivering the web page without a 
digital signature," as recited in claim 3. Accordingly, claim 3 is also allowable 
over Bal in view of Cox. 
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Conclusion 

Claims 1-4, 6, 10, 19, 21, and 22 are believed to be in condition for 
allowance. Applicant respectfully requests reconsideration and prompt 
issuance of the present application. Should any issue remain that prevents 
5 immediate issuance of the application, the Examiner is encouraged to contact 
the undersigned agent to discuss the unresolved issue. 

10 Respectfully Submitted, 



Lee & Hayes, PLLC 
421 W. Riverside Avenue, Suite 500 
Spokane, WA 99201 



15 





Name: Kayla D. Brant 
Reg. No. 46,576 

Phone No. (509) 324-9256 ext. 242 
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